Zhi Lu,Songfeng Lu,Yongquan Cui,Junjun Wu,Hewang Nie,Jue Xiao,Zepu Yi

DOI: https://doi.org/10.1007/978-3-031-69766-1_19

2024-01-01

Abstract:Federated learning (FL) is a distributed machine learning approach that reduces data transfer by aggregating gradients from multiple users. However, this process raises concerns about user privacy, leading to the emergence of privacy preserving FL. Unfortunately, this development poses new Byzantine-robustness challenges as poisoning attacks become difficult to detect. Existing byzantine-robust algorithms operate primarily in plaintext, and crucially, current byzantine-robust privacy FL methods fail to concurrently defend against adaptive attacks. In response, we propose a lightweight, byzantine-robust, and privacy-preserving federated learning framework (LRFL), employing shuffle functions and encryption masks to ensure privacy. In addition, we comprehensively calculate the similarity of the direction and magnitude of each gradient vector to ensure byzantine-robustness. To the best of our knowledge, LRFL is the first byzantine-robust privacy preserving FL capable of identifying malicious users based on gradient angles and magnitudes. What's more, the theoretical complexity of LRFL is O(dN + dN logN), comparable to byzantine-robust FL with user number N and gradient dimension d. Experimental results demonstrate that LRFL achieves similar accuracy to state-of-the-art methods under multiple attack scenarios.

Zhi Lu,Songfeng Lu,Xueming Tang,Junjun Wu

DOI: https://doi.org/10.1109/tai.2023.3309273

2023-01-01

IEEE Transactions on Artificial Intelligence

Abstract:Federated Learning (FL) safeguards user privacy by uploading gradients instead of raw data. However, inference attacks can reconstruct raw data using gradients uploaded by users in FL. To mitigate this issue, researchers have combined privacy computing techniques with FL. However, these tech-niques may not ensure the Byzantine robustness of aggregation or the integrity of the aggregated outcomes. Most current robust privacy FL methods assess differences between gradients and benchmarks in the direction, allowing adversaries to poison the aggregation against the magnitude. Furthermore, these methods cannot ensure the integrity of the aggregation results. To over-come these challenges, this study proposes a novel algorithm, Robust and Verifiable Privacy Federated Learning(RVPFL), which can more effectively eliminate the poisoning attack of the opponent by measuring the direction and magnitude of the gradient in the ciphertext state. The proposed algorithm guarantees the integrity of server aggregation results while safe-guarding user privacy. In this study, comprehensive theoretical analysis and experimental validation of RVPFL are conducted to demonstrate its superiority. The proposed RVPFL algorithm solves the Byzantine robustness problem of aggregation and the integrity problem of aggregation results, which helps to research and develop more robust and effective privacy-preserving federal learning techniques.

Peihua Mai,Ran Yan,Yan Pang

2024-10-26

Abstract:Federated learning (FL) allows multiple devices to train a model collaboratively without sharing their data. Despite its benefits, FL is vulnerable to privacy leakage and poisoning attacks. To address the privacy concern, secure aggregation (SecAgg) is often used to obtain the aggregation of gradients on sever without inspecting individual user updates. Unfortunately, existing defense strategies against poisoning attacks rely on the analysis of local updates in plaintext, making them incompatible with SecAgg. To reconcile the conflicts, we propose a robust federated learning framework against poisoning attacks (RFLPA) based on SecAgg protocol. Our framework computes the cosine similarity between local updates and server updates to conduct robust aggregation. Furthermore, we leverage verifiable packed Shamir secret sharing to achieve reduced communication cost of $O(M+N)$ per user, and design a novel dot product aggregation algorithm to resolve the issue of increased information leakage. Our experimental results show that RFLPA significantly reduces communication and computation overhead by over $75\%$ compared to the state-of-the-art secret sharing method, BREA, while maintaining competitive accuracy.

Cryptography and Security,Artificial Intelligence

Jiao Zhang,Xiong Li,Wei Liang,Pandi Vijayakumar,Fayez Alqahtani,Amr Tolba

DOI: https://doi.org/10.1109/jiot.2024.3400389

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:As a typical privacy-aware machine learning paradigm, federated learning (FL) provides facilities to individually train edge clients with their private data and aggregate the central global model. In this way, privacy leakage can be prevented. Massive communication overhead caused by exchanging updated weights between clients and the server is one of the main obstacles in this strategy. Prior work advocates compressing the weights by employing quantization, gradient sparsification, and knowledge distillation approaches. However, most of them cannot be readily applied to secure aggregation in privacy-aware FL. Some research has made great progress in directly utilizing benchmark secure aggregation protocols on top of the non-privacy-aware FL. Graph-based and gradient-based sparsification has been widely adopted in previous studies. However, the results of reducing communication costs are still unsatisfactory. In this paper, we present a novel communication-efficient privacy-ware FL algorithm from a distinct perspective. We design a new Two-Phase Sparsification with Secure Aggregation (TPSSA) algorithm. In the subnetwork phase, we identify sparse subnetworks by freezing the initial random weights in sufficiently overparametrized networks. All edge clients collaboratively train to discover their subnetwork inside a dense randomly weighted neural network. Then the server aggregates to compute the global model. In the gradient phase, for each pair of edge clients, we introduce pairwise multiplicative random masks to identify the sparsification pattern. Then updates from surviving clients can be correctly cancelled out during the aggregation process in the server. Theoretical analysis reveals convergence, privacy and performance guarantee. We show improvements in accuracy, communication, and computation over traditional and sparsified secure aggregation benchmarks on two real-world datasets.

He Huang,Li Duan,Chao Li,Wei Ni

DOI: https://doi.org/10.1109/icws62655.2024.00066

2024-01-01

Abstract:Federated learning (FL), typically coordinated by a centralized server, faces the risk of a single-point failure during the model aggregation process. Moreover, existing privacy protection methods for FL model parameters, such as homomorphic encryption (HE) and differential privacy (DP), still suffer from high computational costs or reduced model availability. Malicious trainers can also transmit erroneous model parameters in FL systems. To address these issues, this paper proposes a secure and efficient model aggregation approach with privacy protection for blockchain-based FL, named SLABFL. The method employs a blockchain network to establish a fully decentralized distributed FL (D-FL) framework, integrating a hybrid privacy protection strategy comprising DP and multi-key homomorphic encryption (MK-HE). This approach ensures the confidentiality of model parameters while achieving precise aggregation. Additionally, a reputation mechanism is introduced to deter malicious participant behavior. The paper concludes with experiments on the MNIST dataset, which show that our proposed SLABFL can achieve accuracy similar to Fedavg and reduce the time overhead caused by HE.

Jiale Guo,Ziyao Liu,Kwok‐Yan Lam,Jun Zhao,Yiqiang Chen,Chaoping Xing

DOI: https://doi.org/10.48550/arxiv.2010.08730

2020-01-01

Abstract:The pervasive adoption of Internet-connected digital services has led to a growing concern in the personal data privacy of their customers. On the other hand, machine learning (ML) techniques have been widely adopted by digital service providers to improve operational productivity and customer satisfaction. ML inevitably accesses and processes users' personal data, which could potentially breach the relevant privacy protection regulations if not performed carefully. The situation is exacerbated by the cloud-based implementation of digital services when user data are captured and stored in distributed locations, hence aggregation of the user data for ML could be a serious breach of privacy regulations. In this backdrop, Federated Learning (FL) is an emerging area that allows ML on distributed data without the data leaving their stored location. However, depending on the nature of the digital services, data captured at different locations may carry different significance to the business operation, hence a weighted aggregation will be highly desirable for enhancing the quality of the FL-learned model. Furthermore, to prevent leakage of user data from the aggregated gradients, cryptographic mechanisms are needed to allow secure aggregation of FL. In this paper, we propose a privacy-enhanced FL scheme for supporting secure weighted aggregation. Besides, by devising a verification protocol based on Zero-Knowledge Proof (ZKP), the proposed scheme is capable of guarding against fraudulent messages from FL participants. Experimental results show that our scheme is practical and secure. Compared to existing FL approaches, our scheme achieves secure weighted aggregation with an additional security guarantee against fraudulent messages with an affordable 1.2 times runtime overheads and 1.3 times communication costs.

Xiao Chen,Haining Yu,Xiaohua Jia,Xiangzhan Yu

DOI: https://doi.org/10.1109/tifs.2023.3315125

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) is an emerging paradigm of privacy-preserving distributed machine learning that effectively deals with the privacy leakage problem by utilizing cryptographic primitives. However, how to prevent poisoning attacks in distributed situations has recently become a major FL concern. Indeed, an adversary can manipulate multiple edge nodes and submit malicious gradients to disturb the global model's availability. Currently, most existing works rely on an Independently Identical Distribution (IID) situation and identify malicious gradients using plaintext. However, we demonstrates that current works cannot handle the data heterogeneity scenario challenges and that publishing unencrypted gradients imposes significant privacy leakage problems. Therefore, we develop APFed, a layered privacy-preserving defense mechanism that significantly mitigates the effects of poisoning attacks in data heterogeneity scenarios. Specifically, we exploit HE as the underlying technique and employ the median coordinate as the benchmark. Subsequently, we propose a secure cosine similarity scheme to identify poisonous gradients, and we innovatively use clustering as part of the defense mechanism and develop a hierarchical aggregation that enhances our scheme's robustness in IID and non-IID scenarios. Extensive evaluations on two benchmark datasets demonstrate that APFed outperforms existing defense strategies while reducing the communication overhead by replacing the expensive remote communication method with inexpensive intra-cluster communication.

Xinchi Qiu,Heng Pan,Wanru Zhao,Chenyang Ma,Pedro Porto Buarque de Gusmão,Nicholas D. Lane

2023-05-19

Abstract:The majority of work in privacy-preserving federated learning (FL) has been focusing on horizontally partitioned datasets where clients share the same sets of features and can train complete models independently. However, in many interesting problems, such as financial fraud detection and disease detection, individual data points are scattered across different clients/organizations in vertical federated learning. Solutions for this type of FL require the exchange of gradients between participants and rarely consider privacy and security concerns, posing a potential risk of privacy leakage. In this work, we present a novel design for training vertical FL securely and efficiently using state-of-the-art security modules for secure aggregation. We demonstrate empirically that our method does not impact training performance whilst obtaining 9.1e2 ~3.8e4 speedup compared to homomorphic encryption (HE).

Machine Learning,Artificial Intelligence,Cryptography and Security

Dong Mao,Qiongqian Yang,Hongkai Wang,Zuge Chen,Chen Li,Yubo Song,Zhongyuan Qin

DOI: https://doi.org/10.3390/electronics13061028

IF: 2.9

2024-03-10

Electronics

Abstract:Federated learning (FL) is increasingly challenged by security and privacy concerns, particularly vulnerabilities exposed by malicious participants. There remains a gap in effectively countering threats such as model inversion and poisoning attacks in existing research. To address these challenges, this paper proposes the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), a framework that utilizes a blockchain platform, homomorphic encryption, and secret sharing to fortify the data privacy and computational efficiency in a federated learning environment. EPFed works by establishing "trust groups" through the unique integration of a Chinese Remainder Theorem-based secret sharing scheme with Paillier homomorphic encryption, streamlining secure model parameter exchange and aggregation while minimizing the computational load. Our performance-driven aggregation strategy leverages local performance metrics to safeguard against malicious contributions, ensuring both the integrity and efficiency of the learning process. The evaluations demonstrate that EPFed achieves a remarkable accuracy rate of 92.5%, thereby confirming the advanced nature of the proposed solution in addressing the pressing challenges of FL.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dong Chen,Hongyuan Qu,Guangwu Xu

2024-01-01

Abstract:Privacy attacks and poisoning attacks are two of the thorniest problems in federation learning (FL). Homomorphic encryption (HE), which allows certain mathematical operations to be done in the ciphertext state, provides a way to solve these two problems simultaneously. However, existing Paillier-based and CKKS-based privacy-preserving byzantine-robust FL (PBFL) solutions not only suffer from low efficiency but also expose the final model to the server. Additionally, these methods are limited to one robust aggregation algorithm (AGR) and are therefore vulnerable to AGR-tailored poisoning attacks. In this paper, we present AegisFL, an efficient PBLF system that provides the flexibility to change the AGR. We first observe that the core of the existing advanced AGRs is to calculate the inner products, $L_2$ norms and mean values for vectors. Based on this observation, we tailor a packing scheme for PBFL, which fits perfectly with RLWE-based fully homomorphic encryption. Under this packing scheme, the server only needs to perform one ciphertext multiplication to construct any required AGR, while the global model only belongs to honest clients. Finally, we conduct extensive experiments on different datasets and adversary settings, which also confirm the effectiveness and efficiency of our scheme.

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.

Jinhyun So,Ramy E. Ali,Basak Guler,Jiantao Jiao,Salman Avestimehr

2023-07-27

Abstract:Secure aggregation is a critical component in federated learning (FL), which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakages over multiple training rounds, due to partial user selection/participation at each round of FL. In fact, we show that the conventional random user selection strategies in FL lead to leaking users' individual models within number of rounds that is linear in the number of users. To address this challenge, we introduce a secure aggregation framework, Multi-RoundSecAgg, with multi-round privacy guarantees. In particular, we introduce a new metric to quantify the privacy guarantees of FL over multiple training rounds, and develop a structured user selection strategy that guarantees the long-term privacy of each user (over any number of training rounds). Our framework also carefully accounts for the fairness and the average number of participating users at each round. Our experiments on MNIST and CIFAR-10 datasets in the IID and the non-IID settings demonstrate the performance improvement over the baselines, both in terms of privacy protection and test accuracy.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Yandong Zheng,Rongxing Lu,Hui Li

DOI: https://doi.org/10.1109/tsc.2024.3377931

2024-01-01

Abstract:The ever-growing data scale and increasingly strict privacy restraint have recently drawn extensive attention to federated learning (FL) as a multi-party machine learning paradigm for achieving high-quality model construction without data collection. Nevertheless, uploading local models in FL can still be exploited by adversaries to infer participants' sensitive data. Furthermore, it is possible for malicious participants to manipulate the global model by submitting poisonous local models. To tackle these challenges, this paper proposes an efficient and privacy-preserving federated learning framework against poisoning adversaries, namely ELFL, which can ensure the confidentiality of local models while effectively resisting data poisoning attacks. Specifically, we first design a grouped secure aggregation algorithm, through which the aggregation server can compute the summations of local models inside logic groups but cannot see individual ones. Then, based on grouped aggregations, our poisoning defense mechanism could detect and quickly phase out malicious participants from training candidates. Moreover, the computational complexity of participants is independent of their total number, so it is suitable for large-scale scenes. Detailed security analysis demonstrates the security of ELFL. Experimental results show that ELFL could maintain a high accuracy against representative data poisoning attacks, and its computational and communication overhead is indeed low.

Enrique Mármol Campos,Aurora González Vidal,José Luis Hernández Ramos,Antonio Skarmeta

2024-02-16

Abstract:Federated Learning (FL) represents a promising approach to typical privacy concerns associated with centralized Machine Learning (ML) deployments. Despite its well-known advantages, FL is vulnerable to security attacks such as Byzantine behaviors and poisoning attacks, which can significantly degrade model performance and hinder convergence. The effectiveness of existing approaches to mitigate complex attacks, such as median, trimmed mean, or Krum aggregation functions, has been only partially demonstrated in the case of specific attacks. Our study introduces a novel robust aggregation mechanism utilizing the Fourier Transform (FT), which is able to effectively handling sophisticated attacks without prior knowledge of the number of attackers. Employing this data technique, weights generated by FL clients are projected into the frequency domain to ascertain their density function, selecting the one exhibiting the highest frequency. Consequently, malicious clients' weights are excluded. Our proposed approach was tested against various model poisoning attacks, demonstrating superior performance over state-of-the-art aggregation methods.

Machine Learning,Cryptography and Security

Ying Lin,Shengfu Ning,Jianpeng Hu,Jiansong Liu,Yifan Cao,Junyuan Zhang,Huan Pi

DOI: https://doi.org/10.1007/978-3-031-10989-8_4

2022-01-01

Abstract:As a distributed machine learning framework, federated learning enables a multitude of participants to train a joint model privately by keeping training data locally. The federated learning is emerging as a promising alternative to solve data privacy protection, but it has been proven that federated learning is vulnerable to attacks from malicious clients, especially Byzantine attackers sending poisoned parameters during the training phase. To address this problem, several aggregation approaches against Byzantine failures have been proposed. However, these existing aggregation methods are only of limited utility in the setting of privacy protection. This paper proposes a privacy-preserving and Byzantine-robust federated learning framework (PPBR-FL) which achieves the objective to satisfy privacy and robustness simultaneously. We use the local differential privacy mechanism to realize privacy protection for the clients and propose a Byzantine-robust aggregation rule named as TPM (Trimmed Padding Mean) to realize robustness. Extensive experiments on two benchmark datasets demonstrate that the TPM outperforms the classical aggregation approaches in terms of robustness and privacy. When less than half of the workers are Byzantine attackers, the final global model not only achieves satisfactory performance against Byzantine attack, but also provide privacy protection on parameters to prevent privacy disclosure.

Shisong Yang,Yuwen Chen,Zhen Yang,Bowen Li,Huan Liu

DOI: https://doi.org/10.1109/tgcn.2023.3277251

2023-01-01

IEEE Transactions on Green Communications and Networking

Abstract:Federated learning has been a paradigm for privacy-preserving machine learning, but recently gradient leakage attacks threaten privacy in federated learning. Secure aggregation for federated learning is an approach to protect users’ privacy from these attacks. Especially in federated learning with large-scale mobile devices, e.g., smartphones, secure aggregation should be dropout-resilient and have low communication overhead in addition to protecting privacy. However, existing studies still suffer from performance degradation and security risk, since the number of the dropped users increases. To address these problems, we propose an effective and high dropout-resilience secure aggregation protocol based on homomorphic Pseudorandom Generator and Paillier, which can guarantee privacy while tolerating up to almost 50% of users dropping out in both the honest but curious and actively malicious settings, and the performance of aggregation in computation and communication is independent to the dropped users. To further improve performance, we reduce the number of the ciphertexts through a homomorphic Pseudorandom Generator in the multiplicative group of integers, and decrease the running time of the server-side aggregation by computing discrete logarithms fast in Paillier. Experimental evaluation shows that the proposed protocol reduces the communication overhead by $3\times $ while achieving $2\times $ computation speedup over the prior dropout-resilience scheme.

Shiwei Lu,Ruihu Li,Wenbin Liu

DOI: https://doi.org/10.1007/s11704-023-2283-x

IF: 2.6688

2024-01-23

Frontiers of Computer Science

Abstract:Federated learning (FL) has emerged to break data-silo and protect clients' privacy in the field of artificial intelligence. However, deep leakage from gradient (DLG) attack can fully reconstruct clients' data from the submitted gradient, which threatens the fundamental privacy of FL. Although cryptology and differential privacy prevent privacy leakage from gradient, they bring negative effect on communication overhead or model performance. Moreover, the original distribution of local gradient has been changed in these schemes, which makes it difficult to defend against adversarial attack. In this paper, we propose a novel federated learning framework with model decomposition, aggregation and assembling (FedDAA), along with a training algorithm, to train federated model, where local gradient is decomposed into multiple blocks and sent to different proxy servers to complete aggregation. To bring better privacy protection performance to FedDAA, an indicator is designed based on image structural similarity to measure privacy leakage under DLG attack and an optimization method is given to protect privacy with the least proxy servers. In addition, we give defense schemes against adversarial attack in FedDAA and design an algorithm to verify the correctness of aggregated results. Experimental results demonstrate that FedDAA can reduce the structural similarity between the reconstructed image and the original image to 0.014 and remain model convergence accuracy as 0.952, thus having the best privacy protection performance and model training effect. More importantly, defense schemes against adversarial attack are compatible with privacy protection in FedDAA and the defense effects are not weaker than those in the traditional FL. Moreover, verification algorithm of aggregation results brings about negligible overhead to FedDAA.

computer science, information systems, theory & methods, software engineering

Yanling Li,Junzuo Lai,Rong Zhang,Meng Sun

DOI: https://doi.org/10.1016/j.ins.2023.119830

IF: 8.1

2024-01-01

Information Sciences

Abstract:Federated learning (FL) is a distributed machine learning framework that aims to provide privacy for local datasets while learning a global machine learning model. However, the updates exchanged in FL may indirectly reveal information about the local training datasets. To protect the confidentiality of updates, various solutions using cryptographic schemes such as secret sharing, differential privacy, and homomorphic encryption have been developed. The solutions using secret sharing often have high communication costs, while those using differential privacy require a trade-off between accuracy and privacy. Homomorphic encryption has been used to address these challenges to reduce communication costs and provide provable security. However, existing solutions based on homomorphic encryption require clients to use the same public-private key pair, which may lead to local updates disclosure. To address the existing challenges, we propose a secure and efficient multi-key aggregation protocol (MKAgg) that utilizes homomorphic encryption. The protocol allows clients to drop out at any point during the process. We construct MKAgg based on a two-server model and adopt a proxy re-encryption scheme with additively homomorphic properties to implement secure and efficient ciphertext transformation and calculation. We provide security proof to demonstrate that our MKAgg protocol meets the required security standards. Furthermore, we perform an efficiency analysis of MKAgg and evaluate its performance on various datasets. The results affirm that MKAgg is both effective and efficient for aggregation in the multi-key setting. We then apply MKAgg in FL and develop a multi-key privacy-preserving neural network scheme called MKPNFL. We analyze the security of MKPNFL and conduct tests using real-world datasets. The results demonstrate that MKPNFL is secure and practical for real-world applications.

Yogachandran Rahulamathavan,Charuka Herath,Xiaolan Liu,Sangarapillai Lambotharan,Carsten Maple

2024-10-06

Abstract:The federated learning (FL) technique was developed to mitigate data privacy issues in the traditional machine learning paradigm. While FL ensures that a user's data always remain with the user, the gradients are shared with the centralized server to build the global model. This results in privacy leakage, where the server can infer private information from the shared gradients. To mitigate this flaw, the next-generation FL architectures proposed encryption and anonymization techniques to protect the model updates from the server. However, this approach creates other challenges, such as malicious users sharing false gradients. Since the gradients are encrypted, the server is unable to identify rogue users. To mitigate both attacks, this paper proposes a novel FL algorithm based on a fully homomorphic encryption (FHE) scheme. We develop a distributed multi-key additive homomorphic encryption scheme that supports model aggregation in FL. We also develop a novel aggregation scheme within the encrypted domain, utilizing users' non-poisoning rates, to effectively address data poisoning attacks while ensuring privacy is preserved by the proposed encryption scheme. Rigorous security, privacy, convergence, and experimental analyses have been provided to show that FheFL is novel, secure, and private, and achieves comparable accuracy at reasonable computational cost.

Artificial Intelligence,Cryptography and Security